Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31068

The reverse proxy monitor doesn't verify anymore if org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true on Tomcat

      When deployed under Tomcat, Jenkins requires to have this option set :

      -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
      

      This is a known issue/limitation/prerequisite like described in:

      The reverse proxy monitor was verifying this originally ( info confirmed by jglick ) :
      https://github.com/jenkinsci/jenkins/commit/724f9e0dfc2011d4c12e867bd85bc3f32c2b0513 (1.552)

      But it was lost in this commit: https://github.com/jenkinsci/jenkins/commit/cffe9df0176b0ff895554ce7f2ea4d2f20062351 (1.572)

      I'm not sure that all these controls should be in the same monitor but for sure the test must be done.

      Maybe:

      • to be re-added in the reverse proxy monitor to verify when the problem comes from the reverse proxy.
      • to be re- added as a specific Monitor for Tomcat because if org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH isn't set it will break some Jenkins features (400 HTTP Error - Bad Request with AJAX calls inside Folders for example, ...) even if there is no reverse proxy configured.

          [JENKINS-31068] The reverse proxy monitor doesn't verify anymore if org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true on Tomcat

          Daniel Beck added a comment -

          to be re- added as a specific Monitor for Tomcat because if org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH isn't set it will break some Jenkins features (400 HTTP Error - Bad Request with AJAX calls inside Folders for example, ...) even if there is no reverse proxy configured.

          Not only Tomcat, Apache (reverse proxy) also screws up slashes.

          Daniel Beck added a comment - to be re- added as a specific Monitor for Tomcat because if org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH isn't set it will break some Jenkins features (400 HTTP Error - Bad Request with AJAX calls inside Folders for example, ...) even if there is no reverse proxy configured. Not only Tomcat, Apache (reverse proxy) also screws up slashes.

          Code changed in jenkins
          User: Josiah Haswell
          Path:
          core/src/main/resources/hudson/diagnosis/ReverseProxySetupMonitor/message.jelly
          http://jenkins-ci.org/commit/jenkins/33799df36cbf2f5e0c5d0ac8372ff761e82c3784
          Log:
          [FIXED JENKINS-31068] Monitor does not detect when Tomcat URL encoding parameter rejects forward slashes in URL (#2977)

          • backing out changes--they don't fully work
          • Saving progress so that I can revert to an earlier version for tests
          • So, pretty exhaustive testing yields that these modifications have the same behavior as the previous versions
          • [FIX JENKINS-31068] Adding wiki reference to error message. Adding trailing slash to URL
          • [FIX JENKINS-31068] It looks like different versions of Tomcat and Apache HTTP handle this case differently. Really, the best we can do is check to see if the test method was not hit and passed correctly--if we hit it, we get more information on the configuration error. If we don't, we just refer them to a general wiki page

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Josiah Haswell Path: core/src/main/resources/hudson/diagnosis/ReverseProxySetupMonitor/message.jelly http://jenkins-ci.org/commit/jenkins/33799df36cbf2f5e0c5d0ac8372ff761e82c3784 Log: [FIXED JENKINS-31068] Monitor does not detect when Tomcat URL encoding parameter rejects forward slashes in URL (#2977) Fixing JENKINS-31068 backing out changes--they don't fully work Saving progress so that I can revert to an earlier version for tests So, pretty exhaustive testing yields that these modifications have the same behavior as the previous versions [FIX JENKINS-31068] Adding wiki reference to error message. Adding trailing slash to URL [FIX JENKINS-31068] It looks like different versions of Tomcat and Apache HTTP handle this case differently. Really, the best we can do is check to see if the test method was not hit and passed correctly--if we hit it, we get more information on the configuration error. If we don't, we just refer them to a general wiki page

          Ryan Campbell added a comment -

          Released in jenkins-2.77

          Ryan Campbell added a comment - Released in jenkins-2.77

            jhaswell Josiah Haswell
            aheritier Arnaud Héritier
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: